Professional Documents
Culture Documents
Governance framework
Deloitte | IoT Governance
Contents
Introduction 04
Conclusion 14
References 14
03
Deloitte | IoT Governance
Introduction
The major change that the Internet of This paper is intended to showcase how IoT is essentially a giant
Things (IoT) is bringing to the digital IoT governance can be implemented.
ecosystem at various levels (organizational However, it is important to note that network of connected
and national) is the opening up of the the IoT industry is going through rapid devices. The Joint
discussion on how to govern the work and major developments on a daily
around this new disruptor. basis, hence agility and an open mindset Coordination Activity on
are crucial for the success of any such Internet of Things (JCA-
This paper focuses on IoT governance governance schemes.
related issues. In the sections of this IoT) calls IoT “a global
paper we will provide the context and a infrastructure for the
brief background on the emergence of
IoT, discuss how IoT operations can be information society.”
governed and what is needed, including
the roles and responsibilities involved in
IoT governance, and describe a proposed
governance framework implementation
as well as the future challenges facing IoT
governance.
04
Deloitte | IoT Governance
In recent years, the Internet of Things 2. Analytics Modern smart sensors and devices use
(IoT) has been a buzzword in the The analog data that are derived from various ways to connect. Wireless networks
technology space, used to refer to multiple devices and sensors are converted into a like LoRAWAN, Wi-Fi, and Bluetooth make
applications and scenarios. However, let format that is easy to read and analyze. it easy for them to maintain connectivity
us take a step back and ask just what IoT The key attribute of the IoT ecosystem (please refer to figure 1 to view the
exactly is. In simple terms, it is essentially is that it supports real-time analysis that indicative layers for IoT).
the connection of devices to the Internet detects irregularities and prevents data
and the connection between them through loss or data scams to prevent malicious 4. Cloud computing
sensors. These devices include everything attacks. With the help of the IoT ecosystem,
from handheld gadgets to washing organizations are able to collect bulk
machines, coffee makers to toasters and 3. Connectivity of devices amounts of data from sensors, devices,
almost any other device you can think of. The main component completing the and applications. There are various tools
According to Business Insider, forecasts connectivity layer are sensors and devices. that are used for the purpose of data
predict that by 2027 there will be over 41 Sensors collect information and send it off collection that can collect, process, handle
billion connected devices. Therefore, IoT to the next layer, where it is processed. and store the data efficiently and in real
is essentially a giant network of connected With the advancement of technology, time; this can be performed by using IoT
devices. The Joint Coordination Activity semiconductor technology allows the Cloud.
on Internet of Things (JCA-IoT) calls IoT “a production of smart micro sensors that
global infrastructure for the information can be used for several applications, some 5. User interface
society”. of which are as follows: The IoT ecosystem depends immensely on
• Proximity detection user interfaces, which provide a visible and
To understand the complexity of IoT and • Humidity or moisture level physical part that can be easily accessed
the pressing need to properly govern • Temperature sensors and thermostats by the user. It is important to have a user-
this ecosystem, it is worth looking into • Pressure sensors friendly interface to ensure a proper user
the components that build up this giant • RFID tags, etc. and administrator experience.
network of connected devices.
05
Deloitte | IoT Governance
06
Deloitte | IoT Governance
The rationale behind any governance framework is to stabilize the operations of any
institution and ensure a consistent and stable outcome.
Application layer
Apps
Network layer
IoT devices transmit data to their
respective platforms using the
Infrastructure
In the case of IoT, the IT areas affected integrity and data security for information In addition, the framework should ensure
by this new technology could be split shared by all IoT devices in the enterprise that all infrastructure devices, and IoT
into three: data, infrastructure, and network. It should also maintain the devices in particular, are well protected,
architecture. In the same manner, the trusted source of information across the physically and digitally, to prevent any
aspects of any IoT governance framework different layers of the IoT architecture. unlawful intrusion or improper functioning.
should cover these three areas. An IoT
governance framework should ensure data
07
Deloitte | IoT Governance
08
Deloitte | IoT Governance
Figure 2: IoT Governance Pillars mapped to the Dimensions of the Deloitte Digital Maturity Framework
Operations
Fundamental Pillars of IoT Governance
Customers
Providing an experience where customers view the
organization as their digital partner using their preferred
channels of interaction to control their connected future
on and offline.
09
Deloitte | Process analysis
Security architect
The security architect supports the IoT
architect in defining the security solutions
by analyzing data, infrastructure, and Device SME
application security requirements.
Moreover, the security architect designs,
plans, and implements secure coding
practices and security testing methodology,
and performs security audits.
Security architect
IoT developer (in case of IoT
development)
An IoT developer is responsible for the
development and implementation of all
related IoT applications/tools for data Device SME
collection and data analytics. The SME finalizes device/product
specifications based on data collection
requirements and the IoT solution
IoT tester (in case of IoT development) architecture. The device SME also helps
The IoT tester is responsible for testing the in choosing the right devices/products for
developed solutions including the overall the IoT solution and works with the IoT
solution in addition to security tests. architect and infrastructure architect to set
up communication networks that connect
IoT devices/products. The device SME is
Data analyst also a key participant in finalizing device
Data analysts define plans and strategies management policies and principles,
related to data collection, models, including device/product physical security
mapping, and reporting. and cybersecurity.
10
Deloitte | Process analysis
1
Governance framework Collect IoT ecosystem requirements
• Understand the organization’s IoT strategy
• Decide on the controls of IoT investment
• IoT projects KPIs
1 2
Design IoT Governance framework
• Set the Governance groups
• Ensure all aspects of IoT governance are covered in the framework
• Scenario analysis and use cases verification
• Create a repository of all attributes related to the Governance framework
4 IoT
2
3
Governance Implement and operate IoT Governance framework
• Setup the relative governance bodies
• Build the proper culture
• Implement the defined processes, controls, and associated roles
• Implement the change management process
3
4
Maintain and evolve IT Governance framework
• Monitor change in the organizational goals and strategies
• Adjust the IT operating models to cope with the needed changes
• Build the cultural shift needed to continuously evolve the IoT governance framework
11
Deloitte | IoT Governance
12
Deloitte | IoT Governance
Privacy rights
Wearable devices are being used by the
healthcare sector, and will see steady
development. However, can you imagine
all these medical devices using Cloud and
storing their images for intelligent systems?
This will raise the question of data
privacy among citizens and government
regulators.
13
Deloitte | IoT Governance
Conclusion
IoT is changing rapidly and becoming the roles and responsibilities, and the
increasingly complex. While its existence various ways in which such governance
is a clear disruptor, its widespread and can be implemented and how IoT is likely
complex nature requires good governance. to change even more in the future. A
An IoT implementation involves multiple holistic approach of this nature will help
components and stakeholders as well as organizations and nations maximize their
the coming together of multiple internal benefits while minimizing the risks of IoT
and external entities related to the implementation.
organization. The governance of IoT has
to be approached in a multi-dimensional
fashion by looking at different aspects,
such as the various layers and components
involved in IoT, the pillars of governance,
References
1. Dayal, “IoT Ecosystem Components: The Complete Connectivity Layer”, May 28, 2018
2. Gantait, Patra, Mukherjee, “Defining your IoT governance practices”, Jan. 19, 2018
3. Serbanati, Rotondi, Vermesan, Baldini, “IoT governance, Privacy and Security Issues”, Nov. 14,
2014
4. Jones, Wallin “How an IoT Center of Excellence Can Help CIOs Deliver Better IoT Solutions”, July
27, 2017
5. Newman, Peter “THE INTERNET OF THINGS 2020: Here’s what over 400 IoT decision-makers
say about the future of enterprise connectivity and how IoT companies can use it to grow
revenue”, March 6, 2020
6. IBM “Defining your IoT governance practices”, January 19, 2018
14
Deloitte | IoT Governance
Authors
15
This publication has been written in general terms and therefore cannot be relied on to cover specific
situations; application of the principles set out will depend upon the particular circumstances involved
and we recommend that you obtain professional advice before acting or refraining from acting on any of
the contents of this publication.
Deloitte & Touche (M.E.) LLP (“DME”) is the affiliate for the territories of the Middle East and Cyprus of
Deloitte NSE LLP (“NSE”), a UK limited liability partnership and member firm of Deloitte Touche Tohmatsu
Limited, a UK private company limited by guarantee (“DTTL”).
Deloitte refers to one or more of DTTL, its global network of member firms, and their related entities.
DTTL (also referred to as “Deloitte Global”) and each of its member firms are legally separate and
independent entities. DTTL, NSE and DME do not provide services to clients. Please see www.deloitte.
com/about to learn more.
Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory,
tax and related services. Our network of member firms in more than 150 countries and territories, serves
four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 300,000 people
make an impact that matters at www.deloitte.com.
DME would be pleased to advise readers on how to apply the principles set out in this publication to their
specific circumstances. DME accepts no duty of care or liability for any loss occasioned to any person
acting or refraining from action as a result of any material in this publication.
DME is a leading professional services firm established in the Middle East region with uninterrupted
presence since 1926. DME’s presence in the Middle East region is established through its affiliated
independent legal entities, which are licensed to operate and to provide services under the applicable
laws and regulations of the relevant country. DME’s affiliates and related entities cannot oblige each
other and/or DME, and when providing services, each affiliate and related entity engages directly and
independently with its own clients and shall only be liable for its own acts or omissions and not those of
any other affiliate.
DME provides audit and assurance, consulting, financial advisory, risk advisory and tax, services through
27 offices in 15 countries with more than 5,000 partners, directors and staff.